One of the fastest-spreading stories of the weekend has been a strange OS X Mountain Lion bug that can crash almost any Mac app running any version of OS X 10.8, reported on Open Radar.

The initial bug report stated that typing 'File:///' (without the quotes) into almost any app causes the app to crash.

Follow-up testing has shown that the final character needn't be a forward-slash, with almost any character after 'File://' triggering the bug. The issue is also speed-dependent: leaving a brief pause between typing // and the next character will prevent the crash from occurring.

More embarrassingly still for Apple, filing a crash report causes both Crash Reporter and the Console apps to crash. The Console crash can only be cured by running a terminal command:

sudo sed -i -e 's@File:///@F i l e : / / /@g' /var/log/system.log

The Next Web has a detailed analysis of the issue, noting that it is related to Apple's Data Detectors feature for automatically recognizing dates, locations and other information in text for addition to Address Book or Calendar entries.

While it is rather surprising that the issue took so long to receive publicity, Apple is now likely to include a fix for the problem sooner rather than later. It is, however, unknown whether Apple will squeeze a fix into the upcoming OS X 10.8.3 that has been in developer testing for over two months.

I suppose it's "neat", but keep in mind in that this kind of core system vulnerability could potentially be exploited to put malware everywhere.

And that, my friend, is utter nonsense.

There is no vulnerability. There is an embarrassing bug that causes an exception to be thrown, which is not handled (because it shouldn't have been thrown), and uncaught exceptions stop the application from running. This would be inconvenient if it happened in a common situation, but Mountain Lion has been out for many months without anyone noticing, so nobody is inconvenienced. But importantly, because the effect of the bug is to stop the application from running, it is not something that can be exploited for malware.

Quote:

Originally Posted by ConCat

I know. It's just rare that a bug is so incredibly easy to produce like this. It makes me wonder how they missed it... Someone needs to update Apple unit tests.

"Easy to reproduce" doesn't mean "easy to find". This should have been found in a code review (someone checked that a URL is a "file url" by checking that it starts with the characters "file://" which is obvious nonsense - "File://" or "fIlE://" is perfectly legal), but anybody who is clever enough to write a unit test for the "File" case would also have been clever enough to get the code right in the first place.

There is no vulnerability. There is an embarrassing bug that causes an exception to be thrown, which is not handled (because it shouldn't have been thrown), and uncaught exceptions stop the application from running. This would be inconvenient if it happened in a common situation, but Mountain Lion has been out for many months without anyone noticing, so nobody is inconvenienced. But importantly, because the effect of the bug is to stop the application from running, it is not something that can be exploited for malware.

Well, truly malicious malware might be able to use this to cause your apps to repetitively crash. Especially given how trivial it is to automate text entry on a Mac using simple AppleScript commands.